MagicNET: XACML Authorization Policies for Mobile Agents Mr. Awais Shibli.


Presentation Overview
1. Mobile Agents
2. NIST
3. Background
4. Research Problem
5. Solution
6. Conclusion

Mobile Agents
Mobile agents are self-contained software modules that carry additional credentials and accumulated data. They roam a network, moving autonomously from one server to another, perform their designated tasks, and eventually return to their control station.

Security Threats - NIST-1998
Agent-to-Platform – Masquerading, Denial of Service, Unauthorized Access
Agent-to-Agent – Masquerade, Denial of Service, Repudiation, Unauthorized Access
Platform-to-Agent – Masquerade, Denial of Service, Eavesdropping, Alteration
Other-to-Agent Platform – Masquerade, Unauthorized Access, Denial of Service, Copy and Replay

Background.. Authorization of Mobile agents Delegation of Access rights

Traditional Solution
Users Authorization
– RBAC
– ACL
– Attribute based Access Control

Research Problem..
Comprehensive solution for Mobile agents authorization ??
– Infrastructure Components
– Delegation of rights from user to agent.

Solution ?? Infrastructure Components Binding between users and agents

MagicNET System Components
MagicNET stands for Mobile Agents Intelligent Community Network and was developed at secLab in the DSV Department at KTH. MagicNET provides complete infrastructural and functional components for secure mobile agent research and development. It provides support for building secure and trusted mobile agents, an agents repository (agents' store), Mobile Agents Servers (for their runtime execution), a Mobile Agent Control Station, and infrastructural servers.

Authorization System
RBAC XACML for Agents

Infrastructure Components

Execution.....

Policies Structure...

Entities namespace...

| Entity name | Entity value (URI) | Std. |
|---|---|---|
| Xacml | urn:oasis:names:tc:xacml:1.0: | XACML |
| xml | http:// | |
| rule-combine | urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm: | XACML |
| policy-combine | urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm: | XACML |
| function | urn:oasis:names:tc:xacml:1.0:function: | XACML |
| subject-category | urn:oasis:names:tc:xacml:1.0:subject-category: | XACML |
| subject | urn:oasis:names:tc:xacml:1.0:subject: | XACML |
| resource | urn:oasis:names:tc:xacml:1.0:resource: | XACML |
| action | urn:oasis:names:tc:xacml:1.0:action: | XACML |
| environment | urn:oasis:names:tc:xacml:1.0:environment: | XACML |
| role | urn:oasis:names:tc:xacml:2.0:subject:role | RBAC |
| UserRole | urn:magicnet:names:AgentAuthPolicy:1.0:UserRole-values: | - |
| AgentRole | urn:magicnet:names:AgentAuthPolicy:1.0:AgentRole-values: | - |
| CategoryAttribute | urn:magicnet:names:AgentAuthPolicy:1.0:attribute:SubjectCategory | - |
| AgentAuthPolicy | urn:magicnet:names:AgentAuthPolicy:1.0:PolicyId: | - |
| AgentAdoptionPolicies | urn:magicnet:names:AgentAuthPolicy:1.0:AgentAdoptionPolicies | - |
| AgentAccessCPolicies | urn:magicnet:names:AgentAuthPolicy:1.0:AgentAccessControlPolicies | - |

| NS abbreviation | Namespace definition | Std. |
|---|---|---|
| xacml | http:// | |
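To show how the identifiers in the namespace table fit together in an RBAC-style XACML 2.0 policy, here is an added example (not from the presentation or the MagicNET code base) with a deliberately simplified first-applicable evaluator. The role value `scanner`, the action `read`, the `PolicyId` suffix and the function `decide` are constructed for illustration; only the URN prefixes come from the table.

```python
import xml.etree.ElementTree as ET

# Prefixes from the namespace table; everything marked "constructed" is made up.
XACML = "urn:oasis:names:tc:xacml:1.0:"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
AGENT_ROLE = "urn:magicnet:names:AgentAuthPolicy:1.0:AgentRole-values:"
ACTION_ID = XACML + "action:action-id"
XS = "http://www.w3.org/2001/XMLSchema#"
NS = {"p": "urn:oasis:names:tc:xacml:2.0:policy:schema:os"}

# Constructed policy: role "scanner", action "read" and the PolicyId suffix are
# placeholders, not values taken from MagicNET.
POLICY = f"""
<Policy xmlns="{NS['p']}"
    PolicyId="urn:magicnet:names:AgentAuthPolicy:1.0:PolicyId:example"
    RuleCombiningAlgId="{XACML}rule-combining-algorithm:first-applicable">
  <Target/>
  <Rule RuleId="scanner-may-read" Effect="Permit">
    <Target>
      <Subjects><Subject><SubjectMatch MatchId="{XACML}function:anyURI-equal">
        <AttributeValue DataType="{XS}anyURI">{AGENT_ROLE}scanner</AttributeValue>
        <SubjectAttributeDesignator AttributeId="{ROLE}" DataType="{XS}anyURI"/>
      </SubjectMatch></Subject></Subjects>
      <Actions><Action><ActionMatch MatchId="{XACML}function:string-equal">
        <AttributeValue DataType="{XS}string">read</AttributeValue>
        <ActionAttributeDesignator AttributeId="{ACTION_ID}" DataType="{XS}string"/>
      </ActionMatch></Action></Actions>
    </Target>
  </Rule>
  <Rule RuleId="default-deny" Effect="Deny"/>
</Policy>"""

def decide(policy_xml, request):
    """First-applicable over rules; request maps AttributeId -> single value.
    Simplified: equality matches only, one Subject/Action alternative per rule."""
    root = ET.fromstring(policy_xml)
    for rule in root.findall("p:Rule", NS):
        applicable = True
        for match in (e for e in rule.iter() if e.tag.endswith("Match")):
            wanted = match.find("p:AttributeValue", NS).text.strip()
            designator = next(c for c in match if c.tag.endswith("AttributeDesignator"))
            if request.get(designator.get("AttributeId")) != wanted:
                applicable = False  # a missing or different attribute never matches
        if applicable:
            return rule.get("Effect")
    return "NotApplicable"
```

Because agent roles and user roles live under separate URN prefixes, a request carrying a `UserRole-values:` role with the same suffix falls through to the default deny rule.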

Conclusion and Future work
Authorization infrastructure and structure of RBAC XACML policies for agents
Federation ???
Agent baggage access control

Questions ???